Man
Professional
- Messages
- 2,965
- Reaction score
- 488
- Points
- 83
Facts and figures for 9 months of 2024.
In 2024, the number of personal data leaks in Russia decreased: 110 incidents were recorded in nine months, which is less than 145 cases in the same period last year. Such data is provided by Roskomnadzor, which clarifies that companies operating in the field of trade and services were the most susceptible to incidents.
Despite the decrease in the number of breaches, the volume of compromised data continues to grow. In the three quarters of 2024, 286 million unique phone numbers and 96 million email addresses were made publicly available. In 2023 (for January-September), these figures were 213 million records, as specialists from DLBI, a leak intelligence and darknet monitoring service, told Izvestia.
According to data provided by DLBI, the e-commerce sector was the leader in the number of leaks, accounting for 39% of all incidents. In second place was the sector of pharmacies and medical services (10%), followed by financial services (9%) and retail (8%).
At the same time, the financial sector is the leader in terms of the volume of compromised information, accounting for 42% of leaked data. The second largest number of leaks was the entertainment sector (28%), followed by the medical services segment.
Experts note that more than 280 million unique phone numbers leaked in 2024 pose a serious threat. For comparison, according to TMT Consulting, the number of active SIM cards in Russia at the end of 2023 was 258 million. Despite the fact that the population of Russia exceeds 146 million people, it follows from the data of Rosstat (each person usually has more than one phone number). Thus, the contact details of almost every Russian are already in the public domain.Leaks of such data can be used for mass calls to citizens with advertising offers or for fraud.
Experts emphasize that attackers can inspire trust in a potential victim if they know some information related to the victim, such as their name and phone number. This helps to convince the person that the caller is really an employee of the organization on behalf of which he introduces himself. The more information the attackers can provide – details such as passport number or registration address – the more likely it is that the victim will believe and become their target.
The number of attacks in which attackers try to gain access to personal accounts using automated systems for the selection of logins and passwords is also growing. An email address or phone number is enough to do this, as this data is often used as a login. If the same password is used on different resources, by hacking a less secure account, you can gain access to more important ones, for example, bank accounts.
To protect against such threats, we recommend using two-factor authentication, setting unique complex passwords for each account, and applying security solutions on all devices.
Despite the general negative trends, the situation with personal data leaks is gradually improving. Experts point out that in recent years, mainly phone numbers and e-mail addresses have become publicly available, which are not accompanied by more critical data and can be used mainly for spam or enrichment of other databases. Most of these leaks concern small online stores or are the result of parsing open data.
However, there is still a possibility of leaks through contractors, especially marketing and IT companies, which do not always provide the proper level of protection. As a result, while the security of the organizations themselves has improved, their partners may remain vulnerable.
To minimize the consequences of leaks, Roskomnadzor recommends that companies collect only the necessary data and strictly comply with the principles of processing personal information.
Source
In 2024, the number of personal data leaks in Russia decreased: 110 incidents were recorded in nine months, which is less than 145 cases in the same period last year. Such data is provided by Roskomnadzor, which clarifies that companies operating in the field of trade and services were the most susceptible to incidents.
Despite the decrease in the number of breaches, the volume of compromised data continues to grow. In the three quarters of 2024, 286 million unique phone numbers and 96 million email addresses were made publicly available. In 2023 (for January-September), these figures were 213 million records, as specialists from DLBI, a leak intelligence and darknet monitoring service, told Izvestia.
According to data provided by DLBI, the e-commerce sector was the leader in the number of leaks, accounting for 39% of all incidents. In second place was the sector of pharmacies and medical services (10%), followed by financial services (9%) and retail (8%).
At the same time, the financial sector is the leader in terms of the volume of compromised information, accounting for 42% of leaked data. The second largest number of leaks was the entertainment sector (28%), followed by the medical services segment.
Experts note that more than 280 million unique phone numbers leaked in 2024 pose a serious threat. For comparison, according to TMT Consulting, the number of active SIM cards in Russia at the end of 2023 was 258 million. Despite the fact that the population of Russia exceeds 146 million people, it follows from the data of Rosstat (each person usually has more than one phone number). Thus, the contact details of almost every Russian are already in the public domain.Leaks of such data can be used for mass calls to citizens with advertising offers or for fraud.
Experts emphasize that attackers can inspire trust in a potential victim if they know some information related to the victim, such as their name and phone number. This helps to convince the person that the caller is really an employee of the organization on behalf of which he introduces himself. The more information the attackers can provide – details such as passport number or registration address – the more likely it is that the victim will believe and become their target.
The number of attacks in which attackers try to gain access to personal accounts using automated systems for the selection of logins and passwords is also growing. An email address or phone number is enough to do this, as this data is often used as a login. If the same password is used on different resources, by hacking a less secure account, you can gain access to more important ones, for example, bank accounts.
To protect against such threats, we recommend using two-factor authentication, setting unique complex passwords for each account, and applying security solutions on all devices.
Despite the general negative trends, the situation with personal data leaks is gradually improving. Experts point out that in recent years, mainly phone numbers and e-mail addresses have become publicly available, which are not accompanied by more critical data and can be used mainly for spam or enrichment of other databases. Most of these leaks concern small online stores or are the result of parsing open data.
However, there is still a possibility of leaks through contractors, especially marketing and IT companies, which do not always provide the proper level of protection. As a result, while the security of the organizations themselves has improved, their partners may remain vulnerable.
To minimize the consequences of leaks, Roskomnadzor recommends that companies collect only the necessary data and strictly comply with the principles of processing personal information.
Source
